Skip to content

The Arista perimeter router must be configured to suppress Router Advertisements on all external IPv6-enabled interfaces.

An XCCDF Rule

Description

<VulnDiscussion>Many of the known attacks in stateless autoconfiguration are defined in RFC 3756 were present in IPv4 ARP attacks. To mitigate these vulnerabilities, links that have no hosts connected such as the interface connecting to external gateways must be configured to suppress router advertisements.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID
SV-256059r882519_rule
Severity
Medium
References
Updated



Remediation - Manual Procedure

This requirement is not applicable for the DODIN backbone. 

Configure the Arista router to suppress Router Advertisements on all external IPv6-enabled interfaces.

Configure the Arista router to suppress RAs on all IPv6 enabled interface as in the following example for VLAN 200: